annotate MoinMoin/session.py @ 4084:be4cefe2a219

secure session cookies for https, cfg.cookie_secure
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Fri, 12 Sep 2008 22:01:46 +0200
parents 68da15c7eeec
children afd75bb5f345
rev   line source
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
1 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
2 MoinMoin - session handling
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
3
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
4 Session handling in MoinMoin is done mostly by the request
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
5 with help from a SessionHandler instance (see below.)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
6
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
7
3481
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
8 @copyright: 2007 MoinMoin:JohannesBerg,
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
9 2008 MoinMoin:ThomasWaldmann
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
10
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
11 @license: GNU GPL, see COPYING for details.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
12 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
13
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
14 import Cookie
3481
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
15
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
16 from MoinMoin import log
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
17 logging = log.getLogger(__name__)
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
18
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
19 from MoinMoin import caching
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
20 from MoinMoin.user import User
2031
56d8a8a14114 don't use a separate random string function in session.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2019
diff changeset
21 from MoinMoin.util import random_string
56d8a8a14114 don't use a separate random string function in session.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2019
diff changeset
22 import time, random
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
23
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
24 class SessionData(object):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
25 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
26 MoinMoin session data base class
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
27
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
28 An object of this class must be assigned to
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
29 request.session by the SessionHandler's start
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
30 method.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
31
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
32 Instances conform to the dict protocol (__setitem__, __getitem__,
2911
50e0afbdc870 session handling: fix bug in docstring
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2907
diff changeset
33 __contains__, __delitem__, get) and have the additional properties
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
34 is_stored and is_new.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
35 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
36 def __init__(self, request):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
37 self.is_stored = False
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
38 self.is_new = True
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
39 self.request = request
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
40
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
41 def __setitem__(self, name, value):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
42 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
43
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
44 def __getitem__(self, name):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
45 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
46
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
47 def __contains__(self, name):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
48 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
49
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
50 def __delitem__(self, name):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
51 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
52
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
53 def get(self, name, default=None):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
54 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
55
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
56
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
57 class DefaultSessionData(SessionData):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
58 """ DefaultSessionData -- session data for DefaultSessionHandler
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
59
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
60 If you wish to override just the session storage then you can
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
61 inherit from this class, implement all methods and assign the
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
62 class to the dataclass keyword parameter to the DefaultSessionHandler
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
63 constructor.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
64
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
65 Newly created objects should have be marked as expiring right away
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
66 until set_expiry() is called.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
67 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
68 def __init__(self, request, name):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
69 """create session object
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
70
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
71 @param request: the request
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
72 @param name: the session name
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
73 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
74 SessionData.__init__(self, request)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
75 self.name = name
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
76
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
77 def set_expiry(self, expires):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
78 """reset expiry for this session object"""
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
79 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
80
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
81 def delete(self):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
82 """clear session data and remove from it storage"""
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
83 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
84
2906
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
85 def cleanup(cls, request):
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
86 """clean up expired sessions"""
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
87 raise NotImplementedError
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
88 cleanup = classmethod(cleanup)
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
89
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
90 class CacheSessionData(DefaultSessionData):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
91 """ SessionData -- store data for a session
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
92
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
93 This stores session data in memory and also maintains a cache of it on
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
94 disk, so the same data will be loaded from disk cache in the next request
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
95 of the same session.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
96
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
97 Once in a while, expired session's cache files will be automatically cleaned up.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
98 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
99 def __init__(self, request, name):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
100 DefaultSessionData.__init__(self, request, name)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
101
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
102 # we can use farm scope since the session name is totally random
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
103 # this means that the session is kept over multiple wikis in a farm
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
104 # when they share user_dir and cookies
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
105 self._ce = caching.CacheEntry(request, 'session', name, 'farm',
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
106 use_pickle=True)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
107 try:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
108 self._data = self._ce.content()
3481
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
109 logging.debug("loaded session data from cache entry: %r" % self._data)
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
110 if self['expires'] <= time.time():
3481
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
111 logging.debug("session expired, removing session cache entry")
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
112 self._ce.remove()
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
113 self._data = {'expires': 0}
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
114 except caching.CacheError:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
115 self._data = {'expires': 0}
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
116
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
117 def __setitem__(self, name, value):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
118 self._data[name] = value
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
119 if len(self._data) > 1 and self['expires'] > time.time():
3481
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
120 logging.debug("storing %r:%r item into session cache entry" % (name, value))
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
121 self._ce.update(self._data)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
122
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
123 def __getitem__(self, name):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
124 return self._data[name]
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
125
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
126 def __contains__(self, name):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
127 return name in self._data
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
128
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
129 def __delitem__(self, name):
3481
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
130 old_value = self._data[name]
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
131 del self._data[name]
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
132 if len(self._data) <= 1:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
133 self._ce.remove()
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
134 elif self['expires'] > time.time():
3481
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
135 logging.debug("removing %r:%r item from session cache entry" % (name, old_value))
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
136 self._ce.update(self._data)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
137
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
138 def get(self, name, default=None):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
139 return self._data.get(name, default)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
140
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
141 def set_expiry(self, expires):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
142 # Set 'expires' an hour later than it should actually expire.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
143 # That way, the expiry code will delete the item an hour later
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
144 # than it has actually expired, but that is acceptable and we
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
145 # don't need to update the file all the time
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
146 if expires and self['expires'] < expires:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
147 self['expires'] = expires + 3600
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
148
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
149 def delete(self):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
150 try:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
151 self._ce.remove()
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
152 except caching.CacheError:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
153 pass
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
154 self._data = {'expires': 0}
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
155
2906
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
156 def cleanup(cls, request):
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
157 cachelist = caching.get_cache_list(request, 'session', 'farm')
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
158 tnow = time.time()
3481
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
159 removed_count = 0
2906
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
160 for name in cachelist:
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
161 entry = caching.CacheEntry(request, 'session', name, 'farm',
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
162 use_pickle=True)
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
163 try:
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
164 data = entry.content()
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
165 if 'expires' in data and data['expires'] < tnow:
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
166 entry.remove()
3481
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
167 removed_count += 1
2906
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
168 except caching.CacheError:
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
169 pass
3481
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
170 logging.debug("removed %d expired sessions while performing session cache cleanup" % removed_count)
2906
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
171 cleanup = classmethod(cleanup)
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
172
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
173
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
174 class SessionHandler(object):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
175 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
176 MoinMoin session handler base class
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
177
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
178 SessionHandler is an abstract method defining the interface
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
179 to a session handler object.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
180
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
181 Session handling in MoinMoin works as follows:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
182
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
183 When a request is received, first the cookie is read into a
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
184 Cookie.SimpleCookie instance, this is passed to the selected
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
185 session handler's (cfg.session_handler) start method (see below)
2019
149573c7ecaf session must store user.auth_attribs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2009
diff changeset
186 which must return a MoinMoin.user.User instance (or None). The
149573c7ecaf session must store user.auth_attribs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2009
diff changeset
187 session handler is also responsible for string the user object's
149573c7ecaf session must store user.auth_attribs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2009
diff changeset
188 auth_method and auth_attribs fields across sessions as those are
149573c7ecaf session must store user.auth_attribs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2009
diff changeset
189 not saved to the user file.
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
190
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
191 Then, all authentication methods are called with this user object,
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
192 they can modify it or return a different one.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
193
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
194 After they have changed the user object suitably, the session
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
195 handler's after_auth method is invoked to set the cookie.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
196
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
197 Then, the request is executed and finally the session handler's
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
198 finish method is invoked.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
199 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
200 def __init__(self):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
201 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
202 Session handler initialisation
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
203
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
204 Only provided for future compatibility.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
205 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
206 pass
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
207
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
208 def start(self, request, cookie):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
209 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
210 Session handler start
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
211
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
212 Invoked very early during request handling to preload
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
213 a user object from the session (if any.)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
214 This method must also assign to request.session an object
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
215 derived from SessionDataInterface.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
216
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
217 @param request: the request instance
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
218 @param cookie: a Cookie.SimpleCookie with the request cookie
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
219 @return: a MoinMoin.user.User instance or None
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
220 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
221 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
222
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
223 def after_auth(self, request, cookie, user_obj):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
224 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
225 Session handler auth chain callback
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
226
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
227 Invoked after all auth items have run (or multistage was
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
228 requested by one), but before the request is actually
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
229 handled and output is made. Should set the cookie.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
230
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
231 @param request: the request instance
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
232 @param cookie: a Cookie.SimpleCookie with the request cookie
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
233 @param user_obj: the user object returned from the auth methods
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
234 (or None)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
235 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
236 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
237
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
238 def finish(self, request, cookie, user_obj):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
239 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
240 Session handler request finish callback
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
241
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
242 Invoked after the request is completely finished.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
243
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
244 @param request: the request instance
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
245 @param cookie: a Cookie.SimpleCookie with the request cookie
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
246 @param user_obj: the user object that was used in this request
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
247 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
248 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
249
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
250
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
251
2912
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
252
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
253 class SessionIDHandler:
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
254 """
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
255 MoinMoin session ID handling
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
256
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
257 Instances of this class are used by the session handling code
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
258 to set/get the persistent ID that is used to identify the session
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
259 which is usually stored in a cookie.
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
260 """
3499
b18ca3046da7 MoinMoin.session: removed char "-" from possible session name chars
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 3498
diff changeset
261 _SESSION_NAME_CHARS = 'abcdefghijklmnopqrstuvwxyz0123456789_'
2912
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
262 _SESSION_NAME_LEN = 32
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
263
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
264 def __init__(self):
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
265 """
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
266 Initialise the session ID handler.
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
267 """
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
268 pass
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
269
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
270 def get(self, request):
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
271 """
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
272 Return the persistent ID for this request.
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
273
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
274 @param request: the request instance
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
275 """
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
276 raise NotImplementedError
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
277
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
278 def set(self, request, session_id, expires):
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
279 """
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
280 Set a persistent ID for the request to be returned by the
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
281 user agent.
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
282
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
283 @param request: the request instance
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
284 @param session_id: the ID for this session
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
285 @param expires: expiry date/time in unix seconds (cf. time.time())
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
286 """
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
287 raise NotImplementedError
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
288
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
289 def generate_new_id(self, request):
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
290 """
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
291 Generate a new unique ID.
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
292
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
293 @param request: the request instance
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
294 """
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
295 return random_string(self._SESSION_NAME_LEN, self._SESSION_NAME_CHARS)
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
296
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
297
2912
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
298
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
299 class MoinCookieSessionIDHandler(SessionIDHandler):
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
300 def __init__(self, cookie_name='MOIN_SESSION'):
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
301 SessionIDHandler.__init__(self)
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
302 self.cookie_name = cookie_name
2919
4cd85d841bbd Remove trailing whitespace.
Karol 'grzywacz' Nowak <grzywacz@sul.uni.lodz.pl>
parents: 2913
diff changeset
303
2912
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
304 def _make_cookie(self, request, cookie_name, cookie_string, maxage, expires):
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
305 """ create an appropriate cookie """
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
306 cookie = Cookie.SimpleCookie()
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
307 cfg = request.cfg
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
308 cookie[cookie_name] = cookie_string
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
309 cookie[cookie_name]['max-age'] = maxage
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
310 if cfg.cookie_domain:
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
311 cookie[cookie_name]['domain'] = cfg.cookie_domain
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
312 if cfg.cookie_path:
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
313 cookie[cookie_name]['path'] = cfg.cookie_path
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
314 else:
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
315 path = request.getScriptname()
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
316 if not path:
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
317 path = '/'
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
318 cookie[cookie_name]['path'] = path
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
319 # Set expires for older clients
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
320 cookie[cookie_name]['expires'] = request.httpDate(when=expires, rfc='850')
4084
be4cefe2a219 secure session cookies for https, cfg.cookie_secure
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3646
diff changeset
321 # a secure cookie is not transmitted over unsecure connections:
be4cefe2a219 secure session cookies for https, cfg.cookie_secure
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3646
diff changeset
322 if (cfg.cookie_secure or # True means: force secure cookies
be4cefe2a219 secure session cookies for https, cfg.cookie_secure
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3646
diff changeset
323 cfg.cookie_secure is None and request.is_ssl): # None means: https -> secure cookie
be4cefe2a219 secure session cookies for https, cfg.cookie_secure
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3646
diff changeset
324 cookie[cookie_name]['secure'] = True
2912
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
325 return cookie.output()
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
326
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
327 def _set_cookie(self, request, cookie_string, expires):
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
328 """ Set cookie, raw helper. """
3646
68da15c7eeec session._set.cookie: lifetime needs to be integer bug fix for 1.7NoSessionCookieCreatedOnKonqueror
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 3499
diff changeset
329 lifetime = int(expires - time.time())
2912
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
330 cookie = self._make_cookie(request, self.cookie_name, cookie_string,
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
331 lifetime, expires)
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
332 # Set cookie
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
333 request.setHttpHeader(cookie)
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
334 # IMPORTANT: Prevent caching of current page and cookie
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
335 request.disableHttpCaching()
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
336
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
337 def set(self, request, session_name, expires):
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
338 """ Set moin_session cookie """
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
339 self._set_cookie(request, session_name, expires)
3481
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
340 logging.debug("setting cookie with session_name %r, expiry %r" % (session_name, expires))
2912
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
341
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
342 def get(self, request):
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
343 session_name = None
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
344 if request.cookie and self.cookie_name in request.cookie:
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
345 session_name = request.cookie[self.cookie_name].value
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
346 session_name = ''.join([c for c in session_name
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
347 if c in self._SESSION_NAME_CHARS])
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
348 session_name = session_name[:self._SESSION_NAME_LEN]
3481
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
349 logging.debug("got cookie with session_name %r" % session_name)
2912
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
350 return session_name
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
351
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
352
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
353 def _get_anon_session_lifetime(request):
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
354 if hasattr(request.cfg, 'anonymous_session_lifetime'):
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
355 return request.cfg.anonymous_session_lifetime * 3600
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
356 return 0
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
357
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
358 def _get_session_lifetime(request, user_obj):
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
359 """ Get session lifetime for the user object user_obj """
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
360 lifetime = int(request.cfg.cookie_lifetime) * 3600
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
361 forever = 10 * 365 * 24 * 3600 # 10 years
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
362 if not lifetime:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
363 return forever
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
364 elif lifetime > 0:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
365 if user_obj.remember_me:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
366 return forever
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
367 return lifetime
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
368 elif lifetime < 0:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
369 return -lifetime
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
370 return lifetime
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
371
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
372
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
373 class DefaultSessionHandler(SessionHandler):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
374 """MoinMoin default session handler
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
375
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
376 This session handler uses the MOIN_SESSION cookie and a configurable
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
377 session data class.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
378 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
379 def __init__(self, dataclass=CacheSessionData):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
380 """DefaultSessionHandler constructor
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
381
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
382 @param dataclass: class derived from DefaultSessionData or a callable
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
383 that takes parameters (request, name, expires)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
384 and returns a DefaultSessionData instance.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
385 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
386 SessionHandler.__init__(self)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
387 self.dataclass = dataclass
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
388
2912
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
389 def start(self, request, session_id_handler):
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
390 user_obj = None
2912
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
391 session_name = session_id_handler.get(request)
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
392 if session_name:
3481
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
393 logging.debug("starting session (reusing session_name %r)" % session_name)
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
394 sessiondata = self.dataclass(request, session_name)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
395 sessiondata.is_new = False
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
396 sessiondata.is_stored = True
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
397 request.session = sessiondata
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
398 if 'user.id' in sessiondata:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
399 uid = sessiondata['user.id']
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
400 method = sessiondata['user.auth_method']
2019
149573c7ecaf session must store user.auth_attribs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2009
diff changeset
401 attribs = sessiondata['user.auth_attribs']
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
402 # Only allow valid methods that are still in the auth list.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
403 # This is necessary to kick out clients who authenticated in
2905
cd9be78f15db remove a stray # in a comment
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2031
diff changeset
404 # the past with a method that was removed from the auth list!
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
405 if method:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
406 for auth in request.cfg.auth:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
407 if auth.name == method:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
408 user_obj = User(request, id=uid,
2019
149573c7ecaf session must store user.auth_attribs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2009
diff changeset
409 auth_method=method,
149573c7ecaf session must store user.auth_attribs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2009
diff changeset
410 auth_attribs=attribs)
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
411 if user_obj:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
412 sessiondata.is_stored = True
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
413 else:
2912
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
414 store = hasattr(request.cfg, 'anonymous_session_lifetime')
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
415 sessiondata.is_stored = store
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
416 else:
2912
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
417 session_name = session_id_handler.generate_new_id(request)
3481
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
418 logging.debug("starting session (new session_name %r)" % session_name)
2912
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
419 store = hasattr(request.cfg, 'anonymous_session_lifetime')
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
420 sessiondata = self.dataclass(request, session_name)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
421 sessiondata.is_new = True
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
422 sessiondata.is_stored = store
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
423 request.session = sessiondata
3481
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
424 logging.debug("session started for user %r" % user_obj)
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
425 return user_obj
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
426
2912
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
427 def after_auth(self, request, session_id_handler, user_obj):
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
428 session = request.session
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
429 if user_obj and user_obj.valid:
3498
1c113184a79b MoinMoin.session: bug fix for http_auth for two user using one browser (invalida
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 3481
diff changeset
430 if 'user.id' in session and session['user.id'] != user_obj.id:
1c113184a79b MoinMoin.session: bug fix for http_auth for two user using one browser (invalida
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 3481
diff changeset
431 session.delete()
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
432 session['user.id'] = user_obj.id
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
433 session['user.auth_method'] = user_obj.auth_method
2019
149573c7ecaf session must store user.auth_attribs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2009
diff changeset
434 session['user.auth_attribs'] = user_obj.auth_attribs
2912
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
435 lifetime = _get_session_lifetime(request, user_obj)
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
436 expires = time.time() + lifetime
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
437 session_id_handler.set(request, session.name, expires)
2913
99d5fca40c1e fix session expiry update bug
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2912
diff changeset
438 request.session.set_expiry(expires)
3481
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
439 logging.debug("after auth: storing valid user into session: %r" % user_obj.name)
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
440 else:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
441 if 'user.id' in session:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
442 session.delete()
2912
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
443 lifetime = _get_anon_session_lifetime(request)
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
444 if lifetime:
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
445 expires = time.time() + lifetime
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
446 session_id_handler.set(request, session.name, expires)
2913
99d5fca40c1e fix session expiry update bug
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2912
diff changeset
447 request.session.set_expiry(expires)
3481
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
448 logging.debug("after auth: no valid user, anon session: %r" % session.name)
2912
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
449 else:
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
450 session.delete()
3481
9a3deab96cb7 improve auth/session logging, add auth/session debug logging config
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2919
diff changeset
451 logging.debug("after auth: no valid user, no anon session")
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
452
2912
4be125bafc8a session handling: separate out an extra dimension for persistent IDs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2911
diff changeset
453 def finish(self, request, session_id_handler, user_obj):
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
454 # every once a while, clean up deleted sessions:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
455 if random.randint(0, 999) == 0:
2906
aaa550567872 integrate DefaultSessionHandler cleanup into DefaultSessionData
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2905
diff changeset
456 self.dataclass.cleanup(request)